At the simplest level a PDF file is a collection of numbered objects. The objects themselves will tend to be streams of data ( such as the text run, graphics, or fonts) or dictionaries (structures which contained formatted data that describe the document).

The objects themselves are organized by a cross reference table which lists the offsets for the document, and also has a trailer dictionary which list the object numbers important objects. One of those objects is the encryption dictionary, which must exist if the document is encrypted.

So, opening the PDF file in a good text editor (on the Mac I really like BareBones' TextWrangler) search for the string "/Encrypt" which if the file is encrypted should take you to the trailer dictionary which will look something like

If all you want to know is if the PDF file is encrypted, you can stop here - it is encrypted. If you want to know more about how it is encrypted you'll need to find the "Encryption Dictionary", so you'll want to note the object number from the trailer dictionary (1908 in the case above), and search for that object by starting at the beginning of the file and looking for "<object number> 0 obj" (ie "1908 0 obj")

Code:

1908 0 obj<</Filter/EBX_HANDLER/V 1/EBX_TITLE(Book Title)/>>
endobj

Of the most interest in the encryption dictionary will be the /Filter value, which will tell you which security handler was used to encrypt the file. Common values are:

Apologies for resurrecting this old topic, but i've found it extremely useful for some software development I've been doing and I had a question if anyone is able to answer it.

Is there a way to tell if a PDF document has been given an owner password but not a user password? I don't care what the passwords are, or about the content of the PDF, but I do need to know what *type* of password protections are on it.

It seems that encrypted PDFs get both an /O and /U entry in the /Filter section regardless of the type of password in use.

Is there a way to tell if a PDF document has been given an owner password but not a user password? I don't care what the passwords are, or about the content of the PDF, but I do need to know what *type* of password protections are on it.

It seems that encrypted PDFs get both an /O and /U entry in the /Filter section regardless of the type of password in use.

If there is no user (/U) password the pad string is used in it's entirety. So if you generate the /U value using just the pad string (see algorithms 3.2 and 3.4 in the PDF spec), and it is the same as the /U value in the encrypt dict, then there is no user password.

Note that the algorithms will be slightly different for AES256 encrypted documents (came along with Acrobat 9).

If there is no user (/U) password the pad string is used in it's entirety. So if you generate the /U value using just the pad string (see algorithms 3.2 and 3.4 in the PDF spec), and it is the same as the /U value in the encrypt dict, then there is no user password.

Note that the algorithms will be slightly different for AES256 encrypted documents (came along with Acrobat 9).

The ineptpdf scripts can also decrypt password protected pdfs - no biggy